Ethical Hacker

Manchester Digital -

Full-time (Temporary)
30k depending on experience
Published on
12 December 2019
Deadline
29 February 2020

We are seeking an outstanding, dynamic and customer-oriented team leader to manage a team of junior ethical hacking consultants who will be providing a range of digital security services to the wider business community.

This is a genuinely unique role, working closely with Manchester Digital, Greater Manchester Police, universities across Greater Manchester and businesses.

The role will be key to the success of the Cyber Resilience Centre which was launched in November to protect Greater Manchester businesses from the threat of online crime. This a fast paced and responsive environment and we are seeking the right individual to join a small, close knit and ambitious team to support university students to work as a team in providing ethical hacking consultancy services to regional businesses. 

The team of junior ethical hackers will need guidance and mentoring to provide businesses with a range of services ranging from vulnerability assessments, cybercrime awareness, phishing campaigns and online footprints. Full training will be given.

The successful candidate will be joining this exciting team right at the beginning of their journey and will require excellent communication and project management skills. The role is ideally suited to someone keen to make a difference to business security and public safety.

We welcome applications from all candidates. 

Senior Ethical Hacker Description

Essential Skills:           Good level of  forensic or digital skills

Period of employment:     Initially 12 months with a 3-month mutual review period

Start date:               Immediate

Location:                              Based within Manchester Digital offices but must be prepared to travel to businesses and other locations across the Greater Manchester area. 

Role

Reporting to the director of the Manchester CRC and working very closely with a wider team, to deliver and manage the centre’s new cyber services and to manage a team of students delivering services to agreed protocols and standards.

The key objectives for this role are:

  • To coordinate and manage the team of junior ethical hacking consultants working directly with partners in universities and policing.

  • To manage and ensure standards of service are met and all projects and services are delivered in a timely manner, to the standards and specifications required (training and guidance given).

  • To produce and quality assure the associated written assessments and products delivered to customers.

  • To work as part of the management team of the new centre and to assist with networking and promotion on behalf of the key stakeholders.

  • To coordinate available and appropriate ethical hackers (guidance given) to fulfill incoming business requests in a timely professional manner.

  • To assist with a range of outreach and presentations to the wider business community along with other team members.

  • To manage, market and coordinate from the agreed pool of ethical hackers, the services offered  to businesses across Greater Manchester. 

  • With the centre’s director - to manage invoicing and fundraising associated with the cyber workstream.

  • To deliver cyber security services ranging from vulnerability assessments, cybercrime awareness presentations, phishing campaigns and digital footprints.

  • With the centre’s communications officer - to regularly assist with cybercrime safety awareness material and blogs for delivery to the wider public.

  • To occasionally provide technical advice and guidance to CRC customers and the wider public

Essential Requirements

  • A computing related bachelor’s degree such as Ethical Hacking or Cyber Security, or relevant experience.

  • Core computing skills including but not limited to:

    • Networking fundamentals – understanding of OSI model, TCP/IP, HTTP, DNS, SMB, SMTP and relevant tool

  • Good knowledge of web application technologies and security assessment.

    • Vulnerability identification and exploitation (not limited to OWASP Top 10)

    • Experience with common assessment tools such as MITM proxies (e.g. Burp Suite Pro) and SQLMap

  • Good knowledge of internal and external infrastructure technologies and security assessment including but not limited to:

    • Identification and exploitation of misconfigurations or known vulnerabilities in common enterprise infrastructure and services (Windows Domains, Linux servers, virtualisation, databases, switches/routers, etc.)

    • Window and Linux sandbox/desktop breakout

  • Good knowledge of internal and external infrastructure technologies and security assessment including but not limited to:

    • Identification and exploitation of misconfigurations or known vulnerabilities in common enterprise infrastructure and services (Windows Domains, Linux servers, virtualisation, databases, switches/routers, etc)

    • Window and Linux sandbox/desktop breakout

  • Knowledge of a scripting language such as Python (preferred), Ruby, PowerShell or Bash, for the development of new, or editing existing, tools

  • Excellent communications skills (both verbal and written) including presentation experience

  • High level of computing skills, including proficient use of the Microsoft Office suite

  • High level of attention to detail and working to deadlines, with the ability to work under pressure

  • Excellent organisational and time management skills with the ability to prioritise workload

  • Ability to work on own initiative

  • Discretion and understanding of the need to respect confidentiality

  • Ability to convey technical information in an accessible manner

  • Flexible approach to work

  • Full UK driving license and use of own vehicle

  • Experience of using a CRM system (desirable)

Desirable

  • Knowledge of open source intelligence gathering techniques. Including but not limited to use of advanced google techniques, DNS, domain registration, certificate transparency, and other public sources of information

  • Experience with live bug bounties, particularly where automation has been implemented

  • Knowledge of security considerations in the cloud (AWS, Azure and GCP), particularly identifying vulnerable configurations through management and API access along with exploitation of web/infrastructure vulnerabilities specific to cloud environments

  • Knowledge of mobile application vulnerability identification and exploitation including but not limited to Android and iOS app structures, decompliation, code signing, and traffic interception.

Desirable Certifications

  • CRT – CREST Registered Penetration Tester (or above)

  • OSCP – Offensive Security Certified Professional

  • GWAPT – GIAC Web Applications Penetration Tester

Please note as the successful candidate will work closely with policing and business, they will be required to undergo a disclosure check and will be expected to maintain a very high level of confidentiality. 

If you are interested in finding out more about this role, please reply to  - sarah@cyberresiliencecentre.com with a copy of your CV and a covering letter explaining why you would be a good fit for this role.

More jobs at Manchester Digital

Subscribe to our newsletter

Sign up here